diff --git ext/openssl/lib/openssl/ssl.rb ext/openssl/lib/openssl/ssl.rb
index ff1d4ef..a96aad0 100644
--- ext/openssl/lib/openssl/ssl.rb
+++ ext/openssl/lib/openssl/ssl.rb
@@ -174,6 +174,14 @@ module OpenSSL
       include Nonblock
 
       def post_connection_check(hostname)
+        if peer_cert.nil?
+          msg = "Peer verification enabled, but no certificate received."
+          if using_anon_cipher?
+            msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
+          end
+          raise SSLError, msg
+        end
+
         unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
           raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
         end
@@ -185,6 +193,14 @@ module OpenSSL
       rescue SSL::Session::SessionError
         nil
       end
+
+      private
+
+      def using_anon_cipher?
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.ciphers = "aNULL"
+        ctx.ciphers.include?(cipher)
+      end
     end
 
     ##
diff --git test/openssl/test_ssl.rb test/openssl/test_ssl.rb
index 3eddb0a..e6a77f3 100644
--- test/openssl/test_ssl.rb
+++ test/openssl/test_ssl.rb
@@ -369,6 +369,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
       }
     }
 
+    start_server(OpenSSL::SSL::VERIFY_NONE, true, {use_anon_cipher: true}){|server, port|
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ciphers = "aNULL"
+      server_connect(port, ctx) { |ssl|
+        msg = "Peer verification enabled, but no certificate received. Anonymous cipher suite " \
+          "ADH-AES256-GCM-SHA384 was negotiated. Anonymous suites must be disabled to use peer verification."
+        assert_raise_with_message(sslerr,msg){ssl.post_connection_check("localhost.localdomain")}
+      }
+    }
+
     now = Time.now
     exts = [
       ["keyUsage","keyEncipherment,digitalSignature",true],
diff --git test/openssl/utils.rb test/openssl/utils.rb
index 1da3bcf..bd936be 100644
--- test/openssl/utils.rb
+++ test/openssl/utils.rb
@@ -270,12 +270,14 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
         ctx_proc = args[:ctx_proc]
         server_proc = args[:server_proc]
         ignore_listener_error = args.fetch(:ignore_listener_error, false)
+        use_anon_cipher = args.fetch(:use_anon_cipher, false)
         server_proc ||= method(:readwrite_loop)
 
         store = OpenSSL::X509::Store.new
         store.add_cert(@ca_cert)
         store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
         ctx = OpenSSL::SSL::SSLContext.new
+        ctx.ciphers = "ADH-AES256-GCM-SHA384" if use_anon_cipher
         ctx.cert_store = store
         #ctx.extra_chain_cert = [ ca_cert ]
         ctx.cert = @svr_cert